CertiK: Analysis of the theft of 1,400 bitcoins from Github users
CertiK
2020-09-03 07:26
The CertiK Skynet system (Skynet) detected that the 1,400 bitcoins from the theft incident have begun to be transferred to multiple different addresses.

Event recovery and analysis

The user was using an Electrum Bitcoin wallet that was last used in 2017. Electrum has released security updates since then, but the user had not installed them.

When a user uses Electrum to make a transaction, the wallet will broadcast a transaction to the server. If there is a problem with the transaction, the server will return an error message and display it to the user in the form of a pop-up window.

Electrum wallets before version 3.3.2 do not validate the error message returned by the server, and even render the returned message as HTML (see reference link 4).
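The flaw described above, shown as an added Python example that is not Electrum's code and not part of the original article: one function interpolates the server's error text into rich-text markup unchanged, the other treats it as untrusted plain text. The function names, the `MAX_LEN` cap and the sample server reply are assumptions made for illustration.

```python
import html
import unicodedata

MAX_LEN = 200  # assumed cap on how much server-supplied text is ever shown


def render_error_unsafe(server_msg: str) -> str:
    """Pre-fix behaviour as the article describes it: the server's text is
    placed into rich-text markup unchanged, so its tags are interpreted."""
    return f"<p>The server returned an error:</p><p>{server_msg}</p>"


def sanitize_server_text(server_msg: object) -> str:
    """Reduce an untrusted server string to short, single-line plain text."""
    if not isinstance(server_msg, str):
        return "(non-text error payload)"
    # Turn line breaks/tabs into spaces; drop every other control or format
    # character (NUL, bidi overrides, zero-width characters).
    cleaned = "".join(
        " " if ch in "\r\n\t" else ch
        for ch in server_msg
        if ch in "\r\n\t" or unicodedata.category(ch) not in ("Cc", "Cf")
    )
    cleaned = " ".join(cleaned.split())  # collapse runs of whitespace
    if len(cleaned) > MAX_LEN:
        cleaned = cleaned[:MAX_LEN] + "..."
    return cleaned


def render_error_safe(server_msg: object) -> str:
    """Hardened rendering: escape markup and label the text as unverified."""
    text = html.escape(sanitize_server_text(server_msg), quote=True)
    return (
        "<p>The server rejected the transaction. "
        "The text below was sent by the server and is not verified:</p>"
        f"<pre>{text}</pre>"
    )


# Constructed sample: a server reply that carries markup instead of an error.
SAMPLE = '<b>Notice</b>\n<a href="https://example.invalid/">click here</a>'

if __name__ == "__main__":
    print(render_error_unsafe(SAMPLE))
    print(render_error_safe(SAMPLE))
```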

CertiK Security Team Advice

  • When using a wallet for transactions, users need to make sure the wallet is the latest version. Old versions of wallets may have vulnerabilities that can be exploited by hackers.

  • When downloading a wallet update, users should check that the download URL matches the official one, and verify the signature of the wallet after the download is completed.

Reference link:

1. https://github.com/spesmilo/electrum/issues/5072

2. https://zhuanlan.zhihu.com/p/53920688

3. https://www.blockchain.com/

4. https://github.com/spesmilo/electrum/issues/4968

5. http://twitter.com/electrumwallet/status/1106479573917724672
